Protecting a Local Web Server

In this section

Configuring Redirection of Connections

Configuring Scan Settings

This feature is available only for distributions designed for OSes of the GNU/Linux family.

To protect a web server running on the same host as Dr.Web Gateway Security Suite, configure Dr.Web Firewall for Linux so that all incoming traffic received by the web server is scanned by the SpIDer Gate monitor.

Configuring Redirection of Connections

To configure the web server protection, specify the following values for [LinuxFirewall] section parameters in the configuration file:

Parameter                          Required value
InspectHttp                        On
AutoconfigureIptables              Yes
AutoconfigureRouting               Yes
LocalDeliveryMark                  Auto
ClientPacketsMark                  Auto
ServerPacketsMark                  Auto
TproxyListenAddress                127.0.0.1:0 (if a custom IP address or port is used in Dr.Web Firewall for Linux operation, specify them here)
InputDivertEnable                  Yes
InputDivertNfqueueNumber           Auto
InputDivertConnectTransparently    Yes

To view or edit Dr.Web Firewall for Linux settings, use:

Dr.Web Ctl command-line management tool (use the drweb-ctl cfshow and drweb-ctl cfset commands).

For example, the command:

# drweb-ctl cfset LinuxFirewall.InputDivertEnable Yes

configures Dr.Web Firewall for Linux so that the incoming data is scanned by the SpIDer Gate monitor if HTTP is used and the InspectHttp parameter value is set to On.

Dr.Web Gateway Security Suite management web interface (by default, you can access it via a web browser at https://127.0.0.1:4443).

To scan data transmitted via the secure protocol, HTTPS:

1. Enable scanning of the traffic transmitted via SSL/TLS by running the command:

# drweb-ctl cfset LinuxFirewall.UnwrapSsl Yes

It is recommended to use the cfset command of the drweb-ctl tool or the management web interface, because in this case the scanning rules depending on this parameter will change automatically.

2. Export a certificate to be used by Dr.Web Gateway Security Suite for embedding in secure SSL/TLS channels by running the command:

$ drweb-ctl certificate > <cert_name>.pem

Replace <cert_name> with the name of the file in which the certificate is to be stored in PEM format.

3. Add the certificate to the system list of trusted certificates and specify it as the trusted certificate for web clients (browsers) and the web server (for details, see the Appendix E. Generating SSL Certificates section).
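The following Python check is an added example, not part of the original documentation or of Dr.Web's own tooling. It compares the [LinuxFirewall] section of a configuration file with the required values from the table above, plus UnwrapSsl when HTTPS scanning is wanted. It assumes an INI-style file (Name = Value lines under [Section] headers) and case-insensitive values; the sample text, the OtherSection name and the function names are constructed for illustration.

```python
# Required [LinuxFirewall] values, copied from the table on this page.
REQUIRED = {
    "InspectHttp": "On", "AutoconfigureIptables": "Yes", "AutoconfigureRouting": "Yes",
    "LocalDeliveryMark": "Auto", "ClientPacketsMark": "Auto", "ServerPacketsMark": "Auto",
    "TproxyListenAddress": "127.0.0.1:0", "InputDivertEnable": "Yes",
    "InputDivertNfqueueNumber": "Auto", "InputDivertConnectTransparently": "Yes",
}
CUSTOM_ALLOWED = {"TproxyListenAddress"}  # the page permits a custom address or port here
# Constructed sample, not a real configuration; the INI-style layout is an assumption.
SAMPLE = """\
[OtherSection]
InputDivertEnable = Yes
[LinuxFirewall]
TproxyListenAddress = 192.0.2.10:8443
InputDivertEnable = No
InputDivertConnectTransparently = yes
UnwrapSsl = No
"""

def parse_section(text, section="LinuxFirewall"):
    """Return {parameter: value} for one section of INI-style text."""
    values, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip()
        elif current == section and "=" in line:
            name, value = line.split("=", 1)
            values[name.strip()] = value.strip().strip('"')
    return values

def audit(text, https=False):
    """Return (status, parameter, expected, actual) for each required setting."""
    required = dict(REQUIRED, UnwrapSsl="Yes") if https else REQUIRED
    actual, findings = parse_section(text), []
    for name, expected in required.items():
        got = actual.get(name)
        if got is None:
            status = "MISSING"  # absent from the file, so the product default applies
        elif got.lower() == expected.lower():  # assumes values are case-insensitive
            status = "OK"
        else:
            status = "CUSTOM" if name in CUSTOM_ALLOWED else "MISMATCH"
        findings.append((status, name, expected, got))
    return findings

if __name__ == "__main__":
    for status, name, expected, got in audit(SAMPLE, https=True):
        print(f"{status:8} {name}: expected {expected}, found {got}")
```

A MISMATCH on InputDivertEnable or UnwrapSsl means the corresponding incoming traffic is not being scanned; a CUSTOM result for TproxyListenAddress only needs confirming against the address the firewall is meant to use.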

Configuring Scan Settings

Specify values of the following parameters of the Dr.Web Firewall for Linux settings section ([LinuxFirewall]) in the configuration file:

1. Parameters for scanning transmitted data (ScanTimeout, HeuristicAnalysis, PackerMaxLevel, ArchiveMaxLevel, MailMaxLevel, ContainerMaxLevel and MaxCompressionRatio) that limit scanning duration and resource consumption. If detailed configuration is not required, keep default values.

2. Block* parameters for blocking unwanted URLs and content.

3. BlockUnchecked parameter to define SpIDer Gate reactions in case the received data cannot be scanned.

For more detailed configuration of HTTP message filtering rules (depending on conditions), edit the Lua procedure or the RuleSet rules.

After the settings are adjusted, reload the Dr.Web Gateway Security Suite configuration using the command:

# drweb-ctl reload

You can also restart Dr.Web Gateway Security Suite by restarting the Dr.Web ConfigD configuration management daemon using the command:

# service drweb-configd restart